Add a new cluster-debugger role and enable debugging on masters#12895
Merged
openshift-bot merged 1 commit intoopenshift:masterfrom Feb 10, 2017
Merged
Add a new cluster-debugger role and enable debugging on masters#12895openshift-bot merged 1 commit intoopenshift:masterfrom
openshift-bot merged 1 commit intoopenshift:masterfrom
Conversation
In order to better allow clusters to be instrumented, it should be possible for the cluster admin to control access to the debugging endpoint using our normal privilege roles (the kubelet already checks this), vs having special local ports (OPENSHIFT_PROFILE=web) which are dangerous to expose to all users. Add a new role that has only permission for the debug endpoints and for the metrics endpoint.
Contributor
|
Evaluated for origin test up to bc978fe |
Contributor
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin_future/38/) (Base Commit: 98ad752) |
Contributor
Author
|
verbal lgtm [merge] |
Contributor
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin_future/38/) (Image: devenv-rhel7_5889) |
Contributor
|
Evaluated for origin merge up to bc978fe |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In order to better allow clusters to be instrumented, it should be
possible for the cluster admin to control access to the debugging
endpoint using our normal privilege roles (the kubelet already checks
this), vs having special local ports (OPENSHIFT_PROFILE=web) which are
dangerous to expose to all users. Add a new role that has only
permission for the debug endpoints and for the metrics endpoint.
[test] @deads2k